reintroduced permission check

Patrick 2025-08-25 16:53:57 +02:00
parent 1049b04968
commit 0cd32a0276
1 changed files with 6 additions and 4 deletions


@ -72,7 +72,7 @@ export const actions = {
if (locals.user.id != id
&& (!Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT)
|| ((password1 != null || password2 != null) && !Permissions.has(locals.user.permissions, Permissions.USERADMIN.EDIT_PASSWORD)))) {
//return fail(403, { message: "Unauthorized action" })
return fail(403, { message: "Unauthorized action" })
}
if (password1 != null && password2 != null && password1.length > 0 && password2.length > 0) {
@ -84,9 +84,11 @@ export const actions = {
return fail(500, { message: "Database failure"})
}
}
let permissions = null
permissions = ua_permissions.reduce((pv, cv) => pv | cv)
let permissions = ua_permissions.reduce((pv, cv) => pv | cv)
if (locals.user.id == id && locals.user.permissions != permissions) {
return fail(403, { message: "Cannot modify permissions for oneself" })
}
const updated_user = updateUser({id, name, gender, address, username, permissions})
SessionStore.reload_user_data(updated_user ?? locals.user)
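Review bot: The `permissions` mask built on the `reduce` line is passed to `updateUser` without being compared against the caller's own permissions; the added guard only rejects a change to one's own record. Unless `ua_permissions` is validated outside the visible lines, a caller holding `Permissions.USERADMIN.EDIT` appears able to grant another account bits the caller does not hold. Assuming the values are integer bit flags, as `pv | cv` suggests, a subset check before the update would close that: `if ((permissions & ~locals.user.permissions) !== 0) return fail(403, { message: "Unauthorized action" })`. The `reduce` also has no initial value, so an empty `ua_permissions` throws a TypeError instead of yielding 0; `ua_permissions.reduce((pv, cv) => pv | cv, 0)` avoids that. The enclosing action starts and ends outside the shown hunks.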